commit 4e3d154f6759ca8ed178c2f293c36c042e446d0a
author Alexandr Lovtsov <alovtsov@mirantis.com> Tue Apr 16 13:32:30 2019 +0300
committer Aleksey Zvyagintsev <azvyagintsev@mirantis.com> Mon May 27 12:28:25 2019 +0000
tree b937c808f34e7c4f85f84ea98d4654b994c23a75
parent 78c5f6d1904f34a0450f559b77484dc32062cc29

Drop static passwords

For security reasons, all passwords must be generated. That's why
all password related parameters has been moved to defaults but
commented out, so they will be required and one have to set needed
parameters if any of them used but missing, and also to have a reference.

Exclusions:
- `opencontrail_message_queue_password` must be defined due of
  limitations in OpenContrail over OpenStack
- `rabbitmq_guest_password` for backward compatibility
- `keepalived_openstack_telemetry_vip_password` for backward
  compatibility
- `gerrit_ldap_bind_password` for backward compatibility
- `opencontrail_identity_password` for backward compatibility
- `kubernetes_openstack_provider_cloud_password` for backward
  compatibility

This is kind of backport of https://gerrit.mcp.mirantis.com/#/c/34068/
to release/2019.2.0.

Change-Id: Id63bc4be2ef9dfaf369c583e017718c8253c8e93
Prod-related: PROD-29480

keepalived/cluster/instance/kube_api_server_vip.yml

diff --git a/keepalived/cluster/instance/kube_api_server_vip.yml b/keepalived/cluster/instance/kube_api_server_vip.yml
index f7fbce8..42d95f1 100644
--- a/keepalived/cluster/instance/kube_api_server_vip.yml
+++ b/keepalived/cluster/instance/kube_api_server_vip.yml
@@ -8,7 +8,6 @@
     keepalived_kube_apiserver_vrrp_script_content: "pidof haproxy && systemctl status kube-apiserver.service --quiet --no-pager"
     keepalived_k8s_apiserver_vip_interface: ens3
     keepalived_k8s_apiserver_vip_address: ${_param:kubernetes_control_address}
-    keepalived_k8s_apiserver_vip_password: password
   keepalived:
     cluster:
       vrrp_scripts:
@@ -25,4 +24,4 @@
           interface: ${_param:keepalived_k8s_apiserver_vip_interface}
           virtual_router_id: 60
           priority: ${_param:keepalived_vip_priority}
-          track_script: k8s_vip
\ No newline at end of file
+          track_script: k8s_vip

keepalived/cluster/instance/openstack_barbican_vip.yml

diff --git a/keepalived/cluster/instance/openstack_barbican_vip.yml b/keepalived/cluster/instance/openstack_barbican_vip.yml
index 3c733c4..f6e430f 100644
--- a/keepalived/cluster/instance/openstack_barbican_vip.yml
+++ b/keepalived/cluster/instance/openstack_barbican_vip.yml
@@ -3,7 +3,6 @@
 parameters:
   _param:
     keepalived_openstack_barbican_vip_address: ${_param:cluster_vip_address}
-    keepalived_openstack_barbican_vip_password: password
     keepalived_openstack_barbican_vip_interface: eth1
     keepalived_vip_virtual_router_id: 250
     keepalived_vip_address: ${_param:keepalived_openstack_barbican_vip_address}

keepalived/cluster/instance/openstack_baremetal_vip.yml

diff --git a/keepalived/cluster/instance/openstack_baremetal_vip.yml b/keepalived/cluster/instance/openstack_baremetal_vip.yml
index 355cf53..fe2b527 100644
--- a/keepalived/cluster/instance/openstack_baremetal_vip.yml
+++ b/keepalived/cluster/instance/openstack_baremetal_vip.yml
@@ -5,7 +5,6 @@
 parameters:
   _param:
     keepalived_openstack_baremetal_vip_address: ${_param:cluster_baremetal_vip_address}
-    keepalived_openstack_baremetal_password: password
     keepalived_openstack_baremetal_vip_interface: eth1
     keepalived_openstack_baremetal_vip_virtual_router_id: 132
     keepalived_openstack_baremetal_vip_priority: ${_param:keepalived_vip_priority}

keepalived/cluster/instance/openstack_manila_vip.yml

diff --git a/keepalived/cluster/instance/openstack_manila_vip.yml b/keepalived/cluster/instance/openstack_manila_vip.yml
index d8330c4..b87d998 100644
--- a/keepalived/cluster/instance/openstack_manila_vip.yml
+++ b/keepalived/cluster/instance/openstack_manila_vip.yml
@@ -3,7 +3,6 @@
 parameters:
   _param:
     keepalived_openstack_manila_vip_address: ${_param:cluster_vip_address}
-    keepalived_openstack_manila_vip_password: password
     keepalived_openstack_manila_vip_interface: eth1
     keepalived_vip_virtual_router_id: 235
     keepalived_vip_address: ${_param:keepalived_openstack_manila_vip_address}

keepalived/cluster/instance/openstack_telemetry_vip.yml

diff --git a/keepalived/cluster/instance/openstack_telemetry_vip.yml b/keepalived/cluster/instance/openstack_telemetry_vip.yml
index 5dc91a1..92aa048 100644
--- a/keepalived/cluster/instance/openstack_telemetry_vip.yml
+++ b/keepalived/cluster/instance/openstack_telemetry_vip.yml
@@ -3,7 +3,6 @@
 parameters:
   _param:
     keepalived_openstack_telemetry_vip_address: ${_param:cluster_vip_address}
-    keepalived_openstack_telemetry_vip_password: password
     keepalived_openstack_telemetry_vip_interface: eth1
     keepalived_vip_virtual_router_id: 230
     keepalived_vip_address: ${_param:keepalived_openstack_telemetry_vip_address}

keepalived/cluster/instance/openstack_web_public_vip.yml

diff --git a/keepalived/cluster/instance/openstack_web_public_vip.yml b/keepalived/cluster/instance/openstack_web_public_vip.yml
index 363f23b..3efebd2 100644
--- a/keepalived/cluster/instance/openstack_web_public_vip.yml
+++ b/keepalived/cluster/instance/openstack_web_public_vip.yml
@@ -5,7 +5,6 @@
 parameters:
   _param:
     keepalived_openstack_web_public_vip_address: ${_param:cluster_vip_address}
-    keepalived_openstack_web_public_vip_password: password
     keepalived_openstack_web_public_vip_interface: eth1
   keepalived:
     cluster: